Regulating AI technology is essentially a pipe dream at this point. But that doesn’t mean banks should give up on responding to their customers’ data privacy preferences, even as they determine how best to use Generative AI technology. In this blog, we’ll dive deep into the ethical concerns raised by AI and explore a proposed new framework for respecting customers’ rights and preferences in the AI age, something we’re calling #MyAI.

Unchecked Data Privacy Risks in the Generative AI Era

From daily interactions to complex financial decisions, AI has the power to reshape our lives for good and bad, often without us realizing it. 

At this point, the genie is out of the bottle. The toothpaste is out of the tube. Whatever metaphor you prefer, AI is already highly prevalent in financial services. Its extraordinary computational power can be applied across a wide range of use cases, from risk management to training data to customer experience operations and more. 

While AI has benefits, some people are inherently suspicious or simply prefer to sidestep it whenever possible in the rapidly disappearing non-digital age. While it’s still feasibly possible, it’s getting harder and harder in today’s online world for people who want to avoid engaging with AI-based decisions to “live off the grid.”

Attitudes to AI are extremely polarized. It is impossible for regulators to keep everyone happy, and even if they could find common ground, it would involve a lot of divisive debate and many feeling resentment at either end of the scale.

So while regulation is still some way off, banks aren’t helpless. In fact, even as they research new AI and Generative AI use cases, banks have a social and ethical responsibility to respect their customers’ wishes not just for data privacy but for AI-based interactions as well. 

The adoption of AI is moving far faster than regulation. Rather than wait, banks have an opportunity to take the lead on safeguarding customers’ wishes over how AI is or is not used in their individual interactions. In the face of the transformative changes brought by Generative AI, financial institutions can differentiate themselves by proactively practicing responsible and ethical behavior by committing to protecting customers’ personal information by respecting their data privacy. 

Introducing #MyAI: A New Framework for Customer Choice for AI Privacy

The financial industry already has a precedent for respecting customers’ wishes for data privacy. For example, the EU’s General Data Protection Regulation (GDPR) gives customers greater control over their personal data use. The Cookies and ePrivacy Directive, also known as the “Cookie Law,” is a great blueprint for the commercial use of AI and the need to receive prior user consent before it can be used in all but exceptional circumstances.

Like GDPR for data privacy and data collection, the financial industry needs a unified policy addressing AI and Generative AI consent. Banks should not wait for regulators to impose new rules but should take the lead in offering customers a choice regarding AI usage. Providing options such as high, low, or even none-utilization of AI can become a part of their customer engagement strategy, demonstrating their commitment to empowering individuals.

With regulatory frameworks for generative AI in the nascent stage, banks must proactively implement responsible standards. But what does it mean to practice responsible AI in the generative AI era? Financial institutions must carefully consider how they operate within this landscape, ensuring that AI-driven decisions treat their customers fairly. It can also be a strong market differentiator. 

Customers want to trust their bank and the decisions made on their behalf. They care about their data (my data), their privacy (my privacy), and their ability to control how financial decisions are made on their behalf (my financial destiny). The #MyAI framework is a way to deliver the control over their financial lives that customers expect.

7 Steps to Implement a #MyAI Framework

To establish a #MyAI framework, financial institutions can follow these steps:

1. Measure customer comfort with AI

Banks should first understand their customers’ preferences and comfort levels regarding AI usage. Consider conducting surveys or focus groups to gauge how customers interact with AI in their banking workflows and how comfortable they are with additional uses. Listening to what bank customers want and expect regarding AI interactions is the most crucial first step banks and financial institutions can take. 

2. Audit all AI use cases internally

Banks should also comprehensively evaluate their organization’s existing AI applications and their impact on customers. This should be a top-to-bottom review of how much a bank’s current AI solutions are public-facing and what changes will be necessary if customers decide they don’t want to use AI for those services.

3. Vet third-party AI services

In addition to reviewing their AI use cases, banks should also look closely at how their vendors and third-party providers (TPPs) use AI. After identifying how TPPs use AI, banks should ensure they align with their business values and responsible AI practices.

4. Focus on FATE

One of the top concerns of bank customers reluctant to use AI is they can’t necessarily trust its decision-making. This concern is well-founded, given that some AI systems are a black box that offers few insights into the system’s decisioning process. Banks should ensure they can accurately measure their AI models’ fairness, accountability, transparency, and explainability (FATE). If the system is lacking in any of the four FATE principles, the bank should take steps to address it.

5. Understand exceptions to the rule

While respecting customers’ wishes is critical, there are exceptions when fraud detection and financial crime. For example, if an account is suspected of being connected to fraud, banks are within their rights to maintain the customer’s data to investigate the incident. The #MyAI framework should identify similar exceptions. Banks should be transparent in using AI based on these exceptions, such as assessing unusual customer behaviors or inbound transactions. 

6. Assess the AI system’s value

Determine the importance and value of AI-based decisions to customers and their associated costs. Distinguish whether an AI initiative is crucial to customers’ lives or a game-changer for the business. For example, would a significant share of customers be willing to close their other bank accounts at other financial institutions if the bank had a specific offering? If the answer is yes, it could have a significant positive impact on the bank’s business. If not, it might be worth reconsidering it. Realizing the business impact of the initiative is critical because it will determine if the costs justify the investment or if it’s a “nice to have” feature that doesn’t provide significant value overall.

7. Determine the feasibly of respecting customers’ wishes

Banks should also determine how practical accommodating their customers’ preferences is. For example, if a customer is applying for a loan and doesn’t want their application reviewed by an AI system. Instead, they would prefer a human being conduct the review. If this is the case, banks should be able to offer the customer a non-AI-based alternative. However, they can impose a fee to offset the cost of a manual review. Banks can also consider achievable options, such as avoiding sending loan offers based on AI assessments.

The Age of AI Requires a #MyAI Framework

Banks should avoid engaging in the fractious debate over whether AI tools are good or evil. Instead, banks should recognize that AI is here to stay and will be integral to financial services for years. But people still retain the right to determine how much AI should influence their daily lives and choices. That’s why banks and financial institutions should stay ahead of regulators and embrace the #MyAI framework.

By providing a compass in this complex landscape, banks can navigate the challenges of AI while empowering individuals to make their own choices. It is time for a new era of digital consent in the AI age – the era of #MyAI.

In “Feedzai Fraud Frontlines,” we’ll walk you through a technical challenge, what we tried, what we learned, and what comes next. Come with us as we migrate a client from their own self-managed cloud environment to Feedzai-as-a-Service. 

Preventing Digital Wallet Transaction Fraud in Latin America

Our client is a digital wallet provider based in Latin America. As pioneers in the industry, their innovative solutions swiftly gained traction, offering users lightning-fast transactions and bringing vital financial services to underbanked populations. But with great popularity comes great responsibility – the job of fending off fraudsters. 

Fraudsters quickly exploited our client’s success, using impersonation fraud and social engineering to commit authorized push payment (APP) scams. That’s where our partnership began. Feedzai deployed our powerful Pulse and Transaction Fraud technology to help the client fight back against fraud.

The firm was quick to learn that there’s a price for popularity. As experienced fraud fighters, we understand all too well that any technological advancement that combines speed and money will inevitably see fraudsters among its earlier adopters. And that’s just what happened. Feedzai stepped in to provide more than just fraud prevention solutions. We also put the client on a path to additional growth by helping them shift to our cloud environment.

Feedzai collaborated with our client with help on three key issues: minimizing fraud, migrating from the client-owned cloud infrastructure to Feedzai’s software-as-a-service, and protecting new use cases from fraud as they emerged from the additional business lines that came with the client business growth. Here’s how each step of the journey unfolded.

Problem 1: How to Address Rampant Transfer Fraud

First, the firm faced an issue with transaction fraud. Bad actors were committing impersonation fraud to convince victims to send them money under false pretenses, often using social engineering. Using these tricks, fraudsters convinced victims to transfer money using authorized push payment (APP) scams. Fraud became an issue across several of the firm’s business lines, including P2P transfers, eCommerce payments, bill payments, digital goods, and more.

Imagine spending years building up a reputation for speed and convenience. You’ve probably done so yourself. The last thing you want is to see your efforts undone by fraud. 

This is where our partnership first started. We started by installing our Pulse solution to support the client’s rules and metrics. We also recently launched our Transaction Fraud platform, which we installed later. Our data science team helped the firm establish rules and metrics according to each different business line. With the implementation of Feedzai’s Transaction Fraud platform, the firm saw a decline in APP fraud across different use cases.

Problem 2: Client Needed to Upgrade its Cloud Setup

But addressing the client’s fraud challenges was just the beginning. After experiencing rapid growth, the firm wanted to shift from its existing self-managed cloud environment to the Feedzai-as-a-Service cloud environment. The client wanted to focus on its growth, after all, not fraud prevention. 

There were several reasons the firm decided to make this shift. At this stage of the relationship, Feedzai had full access to their log files and was capable of delivering a strong performance when support tickets were filed. At the same time, the access we had internally with the firm made it easy for us to make system improvements without depending on the client’s infrastructure team for intervention.

The shift from their own cloud infrastructure to Feedzai-as-a-Service also provided significant financial relief for the client. The firm no longer had to absorb the costs and expenses of maintaining a cloud environment on their side. Plus, they could quickly enjoy features that were exclusively available to Feedzai customers through our cloud service.

The client’s desire to shift to Feedzai-as-a-Service was driven by ongoing infrastructure issues with its self-managed cloud environment. These caused delays and extra effort for the client’s team of experts to maintain it. For example, when the client opened a support ticket, it could take hours or even days to collect all the necessary log files. In other words, it required a lot of unnecessary additional work for the client to resolve simple issues with their existing arrangement.

The client realized these struggles to resolve basic issues presented a significant obstacle to its growth plans. They realized it was better to partner with someone who was willing to manage a cloud environment on their behalf while the organization focused on its growth plans.

Problem 3. Cloud Migration Challenges for Both Sides

The client eventually reached the decision to migrate from its self-managed cloud to Feedzai-as-a-Service. The decision was a significant milestone for each party. For the client, it was a moment in their growth as a company to take on new challenges. For Feedzai, it was the first time to help a client upgrade to the cloud.

But as history can attest, the journey to be the first at anything rarely goes smoothly. As with other first-time journeys, there were stumbles along the way.

The most notable stumble occurred during the migration process. The client’s business expanded rapidly after the migration kicked off, and it decided to add new business lines to its portfolio. This caused delays in the migration process, which was already underway at this point. If customers from these business lines were not factored into the cloud environment’s design, the rules and metrics would not have worked as intended. 

As a result, we had to slow down the migration process to accommodate these new cases. During this time, we analyzed how the client’s expansion goals impacted our initial migration plan as well as Feedzai’s cloud infrastructure and dimensioning. After a few months, we were able to recalibrate the plan accordingly and resume the migration. 

How to Make Cloud Migration Go Smoothly

When being the first at anything, it’s important to understand that things are unlikely to go as initially planned. Feedzai’s first cloud migration case was no exception. Here are the key lessons we learned from our initial cloud migration experience.

• Practice clear, open communication: Communication should start with clarifying the goals and hierarchies for both sides. Set clear expectations of who is responsible for which tasks and how each party will communicate developments with each other. Establishing who is responsible for specific tasks will offset any potential disruptions. 
• Outline the full scope of the project: Just as importantly, it’s important for both sides to understand the change process and how the new process will alter existing processes. It was important for our client to outline its business priorities so we could factor them into our cloud migration plans. Communicating these critical details will help clients understand the change process and how to make change requests if additional scope is introduced. It’s important to have a clear understanding of how many business use cases the migration process will cover – both now and in the future – in order to complete work in a timely fashion.
• Loop in all relevant stakeholders: It was also important to have all major stakeholders involved in big decisions. Keeping managers, vice presidents, and C-suite level leadership in the loop will keep them aware of how the project is unfolding. The stakeholders, after all, are the people who must sign off on projects and will understand their organization’s priorities and who must understand a project’s risks. Having them constantly looped in will make it easier to address any unexpected challenges that arise and alleviate the need to escalate things if there are serious issues or disagreements over how to proceed.

As with any first-time journey, there are lessons we can learn and incorporate into future projects. The key lesson we can learn from our voyage cloud migration experience is to communicate effectively with all parties and to ensure everything is lined up before a major undertaking like cloud migration gets started. 

Changing the Conversation Around Mental Health and Menstruation

On World Mental Health Day and the eve of World Menopause Day, Feedzai announced the implementation of a new Mental Health / Menstruation Leave Benefit. In the days that followed this announcement, I received questions about why we moved forward with this initiative. My question is, why wouldn’t we?

There’s a vast amount of statistical data on absenteeism during the menstrual cycle or employees that left their jobs for mental health reasons, both voluntarily and involuntarily. Here are a few notable figures:

• Between 15-25% of people with periods endure moderate to severe menstrual cramps that can affect their ability to work
• In the US, 11% of people who menstruate suffer from endometriosis, while 20% have dysmenorrhea, which are menstrual disorders that can have a dire effect on everyday life and cause worse symptoms and discomfort throughout the menstrual cycle
• Half of Gen Y and 75% of Gen Z have left roles for mental health reasons

Under this new employee benefit, those who need it will not need to provide a medical certificate or doctor’s note, nor do they need to specify why they are taking the leave. Instead, we want to foster a more inclusive and safe working environment, ensuring we meet our employees’ needs and give them the conditions they need to thrive and be successful.

We allow all employees one (1) day off per month without a salary impact for self-care when experiencing physical and mental health, menstruation, or menopause-related symptoms. When they ask for this leave, they will be given up to one day a month to use when experiencing symptoms associated with menstruation, menopause, or that impacts their mental health and impairs their ability work.  This day is an additional paid day off, but like sick leave, it is not carried forward.

We are implementing this new leave benefit because we recognize that some of our employees may be suffering from symptoms related to either their mental health, pre-menstrual syndrome, menstruation, or menopause that can impact their ability to feel well and work.

We also know these symptoms are not always easy to address with managers or superiors. It can be uncomfortable or taboo to talk about inside and outside the workplace. Above all, we want employees at Feedzai to know that we will support them should they need it.

Where Ambition Meets Opportunity

Not long ago, in this very blog, I talked about my wishes for this year. Connection, Support Systems, Understanding, Empathy, and Innovation, were the words and expressions I highlighted. All of these connect with the benefit we are now offering our employees. Mental Health / Menstruation leave helps to create the conditions they need to do their best work and ensure they can balance their work and personal life.

We have the opportunity to create change we would like to see in the world. This benefit starts the conversation about these important topics with our more than 650 employees across the globe.

By training our managers to have the conversation about mental health and menstruation needs we are taking action to remove the stigma and ensure our employees know that these topics are nothing to be ashamed of. We are raising awareness, promoting open dialogue, and a more inclusive environment.

We offered this knowing that not every employee would feel comfortable asking for this benefit even if they need it. We offered this benefit knowing that our managers may feel uncomfortable when an employee reaches out to ask for it. It was important to us that we didn’t let this discomfort get in the way of supporting our employees and normalizing these topics.

Connection, Support Systems, Understanding, Empathy, and Innovation. Our new Mental Health / Menstruation Leave Benefit ticks every box, and I couldn’t be prouder to work for a company that is brave enough to lead the way in offering this benefit.

If you’re ready to join our amazing team, check out our current openings.

Upgrading legacy systems is a wise investment when considering growth. But some banks are hesitant to replace them because they’re afraid to disrupt the customer experience. While this is a perfectly reasonable concern, it’s easier than many banks realize to upgrade core systems without causing customer friction.

Here’s why it’s time for traditional banks to upgrade their legacy banking systems – and how to do it without disturbing the customer experience. 

3 Reasons Banks Should Upgrade Their Systems

• Legacy systems struggle to keep up with newer technology. Fraud detection and prevention technology has made considerable leaps forward in recent years – and revealed the limitations of rules-based legacy technology. With each advancement, banks must find ways to integrate multiple technologies into their system. The result? Cluttered patches of middleware that stitch together several disparate systems. Arrangements like this can cause chaos and confusion for bank staff as they struggle to get different solutions connected to different teams.
• Increased digital banking activity. The rise of FinTechs and digital payment options creates additional challenges for legacy banking systems. In an age where customers expect to be able to make payments instantly, these systems struggle to keep up. Today’s consumers also embrace open banking and embedded finance solutions that give them the flexibility to use financial tools outside their primary bank. These realities have exposed the inadequacies of legacy systems.
• Advancements in cloud-based systems. The availability of cloud-based technologies makes it easier for traditional banks to undertake a legacy infrastructure replacement project. In the past, a rip and replacement project for a legacy system could take years. Cloud-based technologies can quickly plug into a legacy system via an API ecosystem and are considerably more nimble than legacy systems.

A Guide For Banks To Replace Legacy Banking Systems Smoothly

The rapid growth of digital banking, the rise of big data, and the availability of cloud-based systems create the ideal conditions for banks to undertake what would otherwise be a cumbersome and daunting project. However, while undertaking this effort it’s important to ensure bank customers are not disturbed as they conduct business. 

Here’s what banks can do to ensure a smooth upgrade of core banking systems. 

Communicate the Goal of Legacy Technology Replacement

It’s important for everyone at the bank – including the board of directors, the managing director, IT staff, and bank customers themselves – to understand the benefits the project will deliver. Clarify the intended goal of the project and the KPIs you intend to meet. Is the goal to enable new banking functionalities? Or implement faster, more accurate fraud detection capabilities? Or is it necessary as the bank expands into new geographies? Communicating the goals early will help avoid a misalignment of what the improved system will accomplish.

Start Small, Then Expand Efforts

Replacing legacy systems is a large undertaking. If something goes wrong, it will impact your entire customer base. That’s why it makes sense to start with a smaller sample of customers before expanding the efforts to the full customer base. Work with the vendor to establish the project’s “north star goal” – the top goal that drives the project; make sure the customer understands it. Choose a sample group of customers (e.g., from the credit card portfolio) to test the project’s hypothesis. Make sure your vendor delivers on the stated goal.

Design the Upgrade with Security First

When working with a solutions provider, make sure they are  security-oriented. This is a critical step in avoiding service interruptions, potential data breaches, and negative headlines. The last thing your bank needs is to be on the cover of WIRED because of a security oversight. Bear in mind that data regulations have evolved considerably in the past few years alone. Instead of being locally stored in on-premises systems, a bank that uses cloud-based hosting must ensure they handle data securely and responsibly. 

Keep an Eye on the Long-Term Plan

The purpose of upgrading your bank’s legacy system should not be to solve a single problem. After all, like other banks you’ve got plans to grow your operations and you’ll need a partner who can keep up with your bank’s increasing needs. Ask your vendor how they can help with increased volumes of payments and transactions. Look for a provider who can grow with you – preferably one who has been through this type of project before. 

Today’s bank customers expect to be able to transact at a rapid pace. Financial service providers who can’t deliver on those expectations will risk losing customers to competitors. Upgrading legacy banking technology is a critical step to delivering on that expectation. But banks need to proceed carefully so they do not interrupt their customers’ journeys. Working with the right vendor in pursuit of clearly stated goals is the right way to get started. 

If you are looking for a fraud solution that provides strong digital trust, we’d like to help you. Schedule a demo with us today to see how our experts and our technology can help establish digital trust for you and your customers. 

Three key trends are emerging globally and creating imperatives for change in financial crime. 

Challenge 1. Digital Banking is Still Expanding 

The trend was already very clear: more people are accessing banking products and services digitally. During the past two years, the pandemic only accelerated this pattern. The expansion of digital servicing into more complex or new financial products, and the rapid digital adoption by corporate and commercial clients led to exponentially higher volumes and new threats, hence higher risk exposure for banks. As more people transact online and in real time, protecting customers from fraud threats scattered across multiple channels grows increasingly challenging. 

Imperative: Banks Must Focus on Building Stronger Digital Trust

To compete in a highly digitalized world, financial institutions (FIs) need to maintain trust by building even stronger defenses and wiser interventions. Prevention layers built on legacy, rules-based risk engines that leverage limited customer data points can no longer keep up with today’s fraud risk management demands. As a result, machine learning technology becomes an imperative to maximize outcomes.

These prevention layers need to be multi-threaded and cross-referenced as follows:

• Multiple access point defenses: This applies to client devices, risk-based multi-factor authentication (MFA) stages, or voice authentication.
• Channel level navigation patterns: Including IP addresses and in-app user experiences.
• Channel level transaction patterns: Such as a customer’s in-channel spending patterns, etc.
• Cross-channel patterns: Behaviors across different channels, including point of sale (POS), in-branch, or digital channels.
• Entity link analysis: Which covers networks associated with an identified suspicious account, entity, or individual to determine if a case is limited to an isolated individual or is part of a broader fraudulent pattern.

Challenge 2: New Digital Payment Methods Are Emerging Quickly 

The payments domain has experienced significant disruption from new offerings built by new entrants as well as the vast modernization initiatives of national- and regional-level payment rails. Global banks have specifically encountered the biggest challenges, such as accelerating payments innovation and offerings, remote teams across diverse geographies, and dealing with exponentially-growing digital payments volumes and data. 

Growing risks and threats have been attached to this new reality. This has been reflected in the news on an ongoing basis, from fraud with email money transfers, scams on the Zelle network, attacks on digital wallets, to digital identity theft leading to irrevocable instant payments used for money laundering.    

Imperative: Invest in global, data-driven hubs for financial crime  

Ultimately, this means adapting fraud and financial crime operations and technology to enable the roll-out of more accurate and granular risk-scoring models, at customer level, in faster time to market.  Moreover, real-time business and payments also mean real time or near-real time approaches to financial crime management. 

Native, cloud-based platforms are becoming the norm. Cloud technology enables intelligent leverage of the massive build of payments and customer data, breaking down data silos and enabling application of effective machine learning. A modern financial crime platform also needs to support nimble integration of data, in a low code approach that can be simply executed by bank resources with little training or support. 

Challenge 3: Increasingly Demanding Customers And Employees 

Financial crime management can negatively impact customers and employees when it’s done incorrectly. Too often, this may be left at the bottom of the priority list. However, it’s one that can have dramatic consequences.   

Such consequences include: 

1. Too many false positives: create customer frustration and delays in financial product consumption. It contributes to customer attrition, brand reputation issues, and added stress for fraud analysts. 
2. Cumbersome KYC/CDD processes: A manual Know Your Customer/Customer Due Diligence (KYC/CDD) onboarding process causes friction and high abandonment.
3. External data gathering is a tedious manual journey: Relying on humans to collate information is not only error prone but also frustrating for bank personnel. Manually gathering data from external sources is especially problematic as part of the investigations process, and puts unnecessary burden on your teams.

Imperative: Automate and digitize financial crime management   

Financial crime technology investments have been left as an afterthought relatively speaking compared to other areas in global banks. But one cannot digitize, automate, and improve on product, customer and employee engagement without addressing financial crime management with these same principles. 

Banks traditionally view risk management through the lenses of reducing net losses and minimizing false positives. Automating financial crime risk management requires allocation of funds made on the basis of holistic business cases where additional lenses are applied. These lenses consider customers, employees, and shareholders. It also opens new opportunities to transform global banks’ risk management functions into strategic levers for new product developments and launches. 

But furthermore, financial crime can bring the best of artificial intelligence value demonstrated in financial terms and as a way of seeding wider capability development in banks. 

Re-Think Financial Crime Risk Management with RiskOps

Risk operations (RiskOps) enables banks and FIs to take a more holistic approach and is changing the way financial services think about risk. RiskOps platforms are designed to address three common financial services risks using three key pillars. 

• Digital identity. Identities are no longer linked to a single device, computer, or social networking account. This makes it more difficult to continuously authenticate an individual.
  • RiskOps platforms enable a smoother customer experience with a customer-centric AI approach focused on understanding each customer’s baseline behavior and analyzing all available data points. 

• Real-time data. The data related to transactions or online exchanges is growing at a rapid pace. Meanwhile, the expansion of faster payment systems around the world and new non-fiat payment options like cryptocurrency creates new data challenges.
  • RiskOps platforms are supported by a comprehensive architecture pillar that provides banks with a centralized hub to process data from any sources in real-time and at scale. 

• Connectivity. With increasing remote working and distributed global teams, the old methods of collaboration to resolve cases or review data are no longer viable. 
  • A modern RiskOps platform is built on a collaborative analytics suite that enables greater communication across teams, enabling them to develop compelling customer experiences, reduce decision bias, address emerging risk types, and lower costs.

The new reality is one where financial crime is taking new twists and cannot be simply viewed as “let’s keep doing what we are doing” and expecting different results. Collaboration between banks and FinTechs is imperative to accelerate and de-risk financial crime progressive modernization and ensure sustainable results.  

Download the Q2 2022 Financial Crime Report to learn most popular fraud schemes, global fraud hotspots, and the latest in consumer spending trends. 

The Financial Conduct Authority (FCA) performed a review on challenger banks and the results are not encouraging, with some of these financial institutions failing to conduct proper due diligence during the onboarding process and/or perform overall risk assessments.

Large consumer adoption brings greater responsibility for challenger banks

The switch to challenger banks is a trend among UK consumers. Challenger banks are intrinsically tech-savvy and typically digital-only banks. They are seen as more convenient for customers to when it comes to basic banking needs such as transferring money and opening additional accounts.

Challenger banks are critical for the UK financial landscape due to their large adoption (online-only banks already account for 27% of the market). This reality carries great responsibilities. These banks need to maintain their trademark of nimble processes for the customer but must also grant the same levels of security as traditional banks provide.

The easy and fast onboarding and money transfer processes resulted in the rise of the popularity of challenger banks amongst financial criminals, according to an NRA 2020’s risk assessment.

The higher risk these financial institutions face increases the need to understand if they are ready to fight financial crime. As a result, FCA conducted a study that analyzed 6 challenger banks – over 50% of the most relevant firms – with more than 8 million users.

FCA Challenger Bank Study Finding

The outcome of this study was that challenger banks need to improve their financial crime risk assessment.

In some cases their Customer Due Diligence (CDD) was flawed, lacking validation of basic information such as the occupation and income of the customer. This data is crucial to understanding the real motivation from the customer towards the bank.

Challenger banks are also failing to conduct Enhanced Due Diligence (EDD) as a step of the Anti-Money Laundering (AML) procedures by not formally documenting higher-risk cases like Politically Exposed Persons (PEP).

Additionally, there is the absence of a clear strategy for managing transaction monitoring alerts. They do not follow a coherent pattern for dealing with alerts and the investigation notes lack data and criteria.

The faulty CDD implementation opens a breach for fraudulent customers to successfully open an account and results in less effective transaction monitoring.

A review conducted in 2021 uncovered a rise in Suspicious Activity Reports (SARs), where in some cases, these banks ended relations with customers due to financial crime reasons. Most of those clients could have been stopped or tracked from the beginning if they were correctly analyzed during the onboarding process.

Rethink Customer Onboarding Strategy and AML Procedures

As Sarah Prichard, Markets Executive Director at the FCA, mentioned: “There cannot be a trade-off between quick and easy account opening and robust financial crime controls”. Therefore, challenger banks must revisit their strategy for the implementation of AML procedures. They must review and conduct risk assessments as part of the onboarding process. Additionally, the validation of customer’s against sanction lists and media adverse lists are critical, alongside the identification of the ultimate beneficial owners.

Despite failing on AML compliance on some levels, some good practices were highlighted, such as the identification and verification of customers through video selfies and mobile phone geolocation data. Some of those also incorporated additional monitoring for specific customers, for example, checking on customers using multiple divides to manage their accounts.

Solutions that are flexible and that grow with the company are the key to helping these financial institutions evolve to the correct implementation of AML procedures and easier management of monitoring transactions, keeping both the bank and the customer safeguarded.

Want to learn how Feedzai can help you protect your customers and your organization from money laundering? Download our Solution Guide For Financial Institutions: How to Evolve Your Suspicious Activity Detection.

How PSD2 Changed the EU’s Banking Landscape

US financial institutions can benefit from the experience their EU counterparts went through to become PSD2 compliant. The European Union’s Second Payment Services Directive (PSD2) was built on two core concepts:

• Increase Market Competition: The first component was to promote greater competition in the EU’s financial services market by making it easier for customers to share their data with banks, FinTechs, and third-party providers (TPP) using application programmable interfaces (APIs). 
• Strong Customer Authentication (SCA): The second concept introduced enhanced security requirements using strong customer authentication for electronic payments – such as multi-factor authentication (MFA), biometric authentication, or a password or PIN. This relies on having any two of the following three factors:
  • Knowledge – things the user knows like a password or PIN;
  • Possession – something unique the user has access to, like a mobile device; and
  • Inherence – something unique about them like a fingerprint or facial pattern.

I recall how the reaction to PSD2’s requirements at many UK and EU banks was one of trepidation and anxiety. Bear in mind, global financial markets worldwide were still adjusting to an earlier round of regulations that followed the 2008-2009 economic downturn. After going to great lengths to ensure the bank met the minimum capital requirements to prevent another crash, EU and UK banks were also required to share customer data with potential competitors. 

PSD2’s 3 Biggest Lessons from EU Banks

US financial institutions can benefit from the learnings their EU counterparts gleaned to become PSD2 Compliant. 

Below are three insights from Feedzai’s collective experience in becoming PSD2 compliant as both a bank and a solution provider:  

• Customers hold banks liable for data breaches. PDS2 raised new questions over where customers would place the burden of liability for data breaches and fraud – and how to educate customers about how to handle their data. A notable concern was whether or not customers would blame their banks even if data breaches did not occur on any of the bank’s platforms. 
• Open Banking disrupts customer experiences. EU and UK banks had to interpret the new rules of PSD2 and implement solutions that delivered consistent customer experiences. For example, if some banks required passwords or PINs for their SCA and others required biometrics or facial recognition, there could be inconsistencies across the market. Therefore it was key that FIs considered how to balance customer experience and regulatory compliance. A great example of this was the wide-scale adoption of push notifications to leverage the trust built into native mobile banking applications. 
• Open banking increases competition and opportunity. With data moving more freely between organizations, banks faced a more competitive market both from legacy FIs and newer FinTech players that could entice customers with tech-savvy offerings. At the same time, banks realized they could also use customer data to poach customers from competitors. In this sense, banks were both poachers and gamekeepers in the PSD2 landscape.

A Guide to Becoming Open Banking Compliant in Less Than 6 Months

Although PSD2 was a disruptive event (as many regulator-first initiatives are), there was a sense of excitement at my old employer over the opportunities that it created. That’s because PSD2 pressured banks like mine to deliver a truly customer-centric proposition. Working with Feedzai, my bank realized we couldn’t solve just a single problem. Instead, we needed a platform approach so that we could easily pivot to address new PSD2 challenges. 

Here’s how Feedzai makes it possible to become PSD2-compliant in a short span of time.

Implement a Customer-Centric Fraud Prevention Strategy

If we tried to solve a specific Open Banking fraud problem, we couldn’t easily pivot to address fraud on traditional banking channels and vice versa. After all, data transmitted via an Open Banking channel could come back in a cards or transfers channel. Instead, we had to create a truly customer-centric fraud prevention system that addressed fraud on whichever banking channel the customer used.

Use Cloud-Based Deployment with Legacy Banking Systems

Determining whether we should invest additional resources to our existing legacy banking system was the biggest obstacle to delivering a customer-first fraud prevention strategy. Investing in cloud technology that enabled faster deployment instead of adding to our existing legacy stack made the most sense. Digital innovation was already on our roadmap at the time, and Open Banking regulations gave us the motivation we needed to move forward with our investment goals.

Embrace AI and Machine Learning

The Open Banking compliance challenge required banks to deliver real-time updated models into production to prevent fraud across multiple banking channels. This made the implementation of artificial intelligence and machine learning technology a necessity that enabled our bank to outperform its legacy system.

Being able to hit all three of the key targets (embracing a customer-centric fraud prevention strategy, investing in cloud, and embracing AI and machine learning) listed here with a single platform was a key goal for us. As they address their own Open Banking priorities, US and Canadian FIs should determine their own best path forward. Bear in mind that digital banking technology has evolved since the days of PSD2. North American FIs should define what success is as they pursue their own priorities. It also helps to talk to those with experience adjusting to Open Banking compliance realities like EU and UK counterparts.

Today, European banks are well-positioned to process a significant share of open banking payments in the coming years. A recent report projects European banks are on track to serve 75% of global open banking payment users by 2026 while the share of North American banks will be just 9%. The same report estimates the value of open banking payments will reach $116 billion by 2026.

Open Banking regulations promise to bring significant changes to the North American banking landscape. Fortunately, these banks don’t have to go down this journey alone. Banks in the EU and UK have already blazed a trail. With the right partners, North American banks can meet their own Open Banking compliance obligations in less than six months.

Download our ebook PSD2 & Strong Customer Authentication: A Collection of Resources for Banks to learn how to reduce customer friction while satisfying SCA.

What is Open Banking?

Open Banking is a regulatory framework designed to make it easier for consumers to share their financial data with banks, FinTechs, and third-party providers (TPP) using application programmable interfaces (APIs). These regulations aim to give consumers greater control over their financial lives by making it easier to access the financial products they want – even if their primary bank doesn’t offer it.

In addition to greater flexibility and control for consumers, Open Banking also levels the playing field by enabling smaller and newer players like FinTechs and challenger banks to compete with larger, more established legacy players. The idea is to inject greater transparency and competition into the market while also boosting customer satisfaction.

What EU & UK Experiences Taught Me About Open Banking

Some regulations are industry-driven, while others are consumer-driven. But North America’s Open Banking initiative already shares one of the biggest challenges that I’ve seen happen in the EU and UK markets: it’s regulator-driven.

A few years ago, I worked at a major UK bank when the EU and UK kicked off their Open Banking regulations. Unfortunately, in their effort to inject fairness into the market, regulators unintentionally injected a sense of haste to boot. EU and UK banks scrambled to understand the new rules, research how to safely and responsibly share customer data with potential competitors and to remain compliant and competitive when the rules went into effect. In the rush to be compliant, it was easy to overlook opportunities to deliver exciting and innovative solutions that would delight customers.

The reality is that adoption of any regulator-first initiative proves to be challenging. Regulators must explain why they’re undertaking the initiative to banks – who must in turn explain to their customers how it impacts their lives. In other words, banks will both be learning the new rules of Open Banking themselves while simultaneously teaching them to their consumers. North American banks will face the same pressure to follow their regulators’ framework. At the same time, it’s important to remember to focus on delivering exciting new solutions and products for customers.

Is Open Banking Coming to North America?

While open banking has been a reality in Europe since the Second Payment Services Directive (PSD2) went into effect in late 2020, will it become a reality in the US? It’s looking that way.

Recent events suggest a path for open banking in North American nations:

• USA: President Joseph Biden signed an executive order in July 2021 directing the Consumer Financial Protection Bureau (CFPB) to move forward with open banking efforts and establish rules for consumer data sharing under Section 1033 of the Dodd-Frank Act that would make it easier for bank customers to share their data with FinTechs or TPPs.
• Canada: The Canadian government issued a report outlining a plan to introduce open banking to the nation’s financial system by 2023.
• Mexico: Open banking regulations have been in place in Mexico since the 2018 passage of the nation’s “FinTech Law”. Under the law, FinTechs are required to share data using regulated APIs.

But despite these recent developments how likely is it that Open Banking regulations are going to become a reality? Especially in the US where control of government may change hands after the 2024 presidential election?

It’s hard to predict how potential new US leadership will view these regulations. While more conservative American politicians have historically taken more anti-regulatory stances, it’s unclear if a new administration would take direct aim at the proposed regulations if and when they assumed power.

This means that US and Canadian banks should make sure they are taking the necessary steps to prepare for how these regulations will impact their business operations.

What North American Banks Need to Know About Open Banking

North American banks can get ahead of the disruption I witnessed with UK and EU banks by understanding what such a system will look like. Here’s what to expect:

• Empowered Customers Can Use Products Across Multiple Organizations: Easier control over data will mean bank customers have more financial options. Customers can have a debit card with one organization, a mortgage with another, an auto loan with another, crypto investments with another, and so on. Banks should consider how this impacts relationships with customers, who are no longer hindered by the inertia of slow and cumbersome data-sharing capabilities.
• Financial Innovation Becomes a Differentiator: Difficulties with data-sharing leaves consumers unmotivated to switch banks and creates inertia for banks to innovate new products. Open Banking breaks this inertia by putting pressure on banks to focus on the products their customers have come to expect.
• More Financial Competitors Enter the Market: Newer players will have the opportunity to step up and offer compelling financial services for consumers. Banks must understand that they are competing with newer FinTechs as well as other legacy banks.
• New Types of Open Banking Fraud: Unfortunately, the new banking channels that consumers will use to access new financial products will inevitably be targeted by bad actors. Banks should consider how consumers will use these new channels – and how fraudsters could abuse them.
• Data Privacy Concerns and an Evolving Financial Landscape: Open banking raises new questions over data privacy and protections meaning the immediate challenges North American banks face will not be the end of the story. New regulations will emerge eventually, so be prepared to pivot.

5 Ways North American Banks Can Prepare for Open Banking

As with any new regulation, open banking will bring a host of challenges for banks when it goes into effect. In order to thrive in this new environment, here are some steps North American banks should consider as they seek to implement open banking practices.

1. Re-think your Risk Assessment Strategy

If your bank has a risk assessment with certain definitions, that assessment will likely produce suboptimal results. That’s because both the products and the participants will be different in an open banking environment. Instead, approach risk assessment by understanding how your consumers use products and services and with whom they share their data. If you know what motivates your customers, you’ll also be able to learn how fraudsters leverage that motivation to their own ends.

2. Monitor Fraud Levels Closely and Proactively

Because customers can use TPPs to transact in an open banking environment, they might not think to notify their bank about potential problems. Instead, they’ll notify the TPP who may or may not notify the bank. This can lead to communication gaps in reporting fraud. Watch for data anomalies (ideally in real time) and respond to them quickly because they could be early signs of a bigger problem. For example, a TPP that suddenly triples its typical transaction value in a 24-hour period is a red flag to investigate quickly

3. Make Sure Your Bank’s Strategy is Flexible

Open Banking regulations will change eventually. When this happens your bank will have to shift strategies accordingly. If your bank’s solution only addresses fraud for omnichannel solutions available through open banking, it might not be able to tackle fraud that occurs in traditional channels. Make sure your bank’s solutions work seamlessly across your different channels.

4. Embrace Challenges and Opportunities with FinTech Competitors

New FinTech players in the market bring new challenges for banks. But it’s also an opportunity for your bank to find new opportunities to deliver innovative products. Some banks have even launched their own digital challenger entities that release agile products and force banks to innovate against themselves.

5. Legacy Banks Should Play to Their Strengths

Traditional banks have built their reputations on keeping customers safe. Acknowledge your bank’s strengths by demonstrating an ability to navigate shifting regulations, touting your experience, listening to customers, and letting customers feel safe, secure, and trusting of your financial institution.

Open banking will create new opportunities and challenges for US and Canadian banks. Those who are prepared and eager to embrace the challenge and take time to understand their customers will find it much easier to navigate the new landscape.

Open banking is quickly becoming a reality. Download our eBook, PSD2 & Strong Customer Authentication, to learn how to use machine learning to gain a competitive advantage.

But that’s not all we saw. When I looked ahead back then, the key themes I hoped for in the year 2021 were growth, togetherness, peace and freedom, healing, and normalcy. As it turns out, many of my hopes for 2021 came true. 

“It’s on the strength of observation and reflection that one finds a way. So we must dig and delve unceasingly.” 

Claude Monet

Reflection on 2021

First, it was a year of considerable growth at Feedzai. We had one of our most exciting years in recent memory. Globally, we have seen firsthand the effects of the “Great Resignation” and welcomed 250 new Feedzaians over 2021. Congratulations to all those on your new movement! We also had a fantastic year with a Series D investment and corresponding valuation of over $1.5B that earned us unicorn status, our first acquisition (Revelock), and creating the first RiskOps platform in the world! All done with the support and tremendous work from our global Feedzai family.

It was also a year for togetherness. Living as an expat and not seeing my family and friends for some time cements to me how meaningful connecting in person can be personally and professionally. 

We had several months of traveling with less concern from the lessons learned in 2020. We continue to strive for peace of mind and more freedom to travel. Unfortunately, world events like what happened in Afghanistan and new COVID variants also caused us to worry.

Healing and wellness were at the forefront of our thoughts for our employees. Feedzai is very excited to continue providing an inclusive environment and offer three options for our Remote Flex Work Model, providing and promoting self-care, mental health, mindfulness meditation sessions, and August Four Day Work Weeks. 

Normalcy came back in pockets with employees enjoying lunches, dinners, wine downs, and leadership team-building events across the globe. Yet, globally we have gone back to tighter restrictions; I am impressed how we adapt to our new reality and find different ways to connect and share—and grab those pockets of time together when we can.  

Hopes We’re Still Embracing in 2022  

While my hopes from last year still remain relevant, I am calling out these five words and phrases for 2022. 

1. Connection

No one can go it alone. Even the most independent individual needs time with others. So whether you’re connecting virtually or face to face, make sure to stay in the moment and enjoy that time. 

2. Support Systems

It is essential to ask for help when you need it. To reach out to your family, friends, and colleagues no matter the circumstances. The kindness in the world continues to amaze me, and the support I receive when I ask for it is invaluable. 

3. Understanding

The world is a more complex, challenging place, and we seek to understand different perspectives. Of course, we don’t have to agree, but we can be receptive and kind to each other with a broader comprehension. 

4. Empathy

 We need to remember that all humans have different needs and wants, but we all need to coexist by Cultivating Empathy within ourselves to extend to our outer world. So let’s support each other when we stumble and enable each other to keep reaching higher. 

5. Continue to Innovate

Raising the Bar is one of our principles, and we continue to challenge the status quo. We are willing to take risks that help us to grow. Having too many restrictions can lead to fear, which is not what any of us want. Don’t give up when facing adversity. Take risks, try new things, learn, and grow.  

 “Innovation is the ability to see change as an opportunity – not a threat.” 

Steve Jobs

To each of you, we at Feedzai wish you all the best, and let’s keep our minds open, our curiosities piqued, and our aspirations high. Here’s to a great year of the tiger and 2022!

Listen to 3 Ways AI Bias Harms Minorities and How Banks Can Fix It (10 min):

Algorithmic bias is when AI systems produce outcomes that disproportionately impact and behave unfairly toward certain groups of people. While bias can be unintentionally introduced into AI systems, it has far-reaching effects.

3 Most Common Harms Caused by AI Bias

If left unchecked, algorithmic biases can have a lasting and harmful impact on bank customers’ financial lives. Let’s dive deeper into the types of harm that AI bias can have on customers.

1. Allocation Harm

Allocation Harm (sometimes called the Harm of Allocation) refers to the ability of bank customers to easily access the financial products and services they need. Algorithmic biases can create barriers for minority customers that prevent them from accessing new credit cards, raising their credit lines, getting approved for loans, or qualifying for lower interest rates. What’s more, biased algorithms prevent minority customers from receiving recommendations on better banking products that can improve their financial lives. 

What does allocation harm look like outside the financial services sector? In the healthcare sector, for example, it can manifest itself by failing to recommend vital medical procedures or prescriptions for minority patients. Without the right recommendations, minority patients face significantly higher health risks than other groups. 

2. Quality of Service Harm

Imagine going to a restaurant and having your credit card declined when you finish your meal. It’s embarrassing and makes you angry at your bank. Or in another situation, it might seem that New York generally has higher transaction approval rates. However, upon taking a closer look, we might see Brooklynites experienced much higher rates of declined transactions than customers from Manhattan. These scenarios are quality of service harms that disproportionately impact minority populations. When they arise, minority customers are forced to contact their banks in frustration. 

This isn’t the only way biased algorithms can generate quality of service harms for financial services customers. Suppose a minority customer needs to call their bank and encounters an automated call system that doesn’t understand their accent or chatbots that don’t offer their preferred language. In that case, it adds another quality of service harm to their experience. 

Outside financial services, quality of service harms have also been reported in the wearable devices market. These connected technologies – which are designed to help users track vital health statistics and reach fitness goals – can struggle to read the dark skin tones. The result is inaccurate health data for people of color. 

3. Representation Harm

The final type of harm resulting from algorithmic bias is representation harm. As the name suggests, representation harm can lead to poor representation of large groups. When a group of people experiences negative results (many of which can stem from the earlier examples), the algorithm can inaccurately represent them.

For example, as more African Americans experience declines in card transactions the algorithm may paint others in this same group as high risk. As this unfair representation continues, the algorithm labels similar customers this way. This means more Black, female, and people of color will continue to struggle to access credit or have transactions declined at a considerably higher rate. 

Representation harm manifests itself in other ways outside financial services. Search engine Google, for example, faced criticism for underrepresenting women and minorities in its image search algorithm a few years ago. When searching for terms like “CEO” and “doctor,” the search engine produced images that overwhelmingly showed white males in these roles. Without being addressed, these algorithms can reinforce unfair stereotypes of entire groups.

3 Steps Banks Can Take to Boost AI Fairness

None of these three harms are mutually exclusive. If a bank’s algorithms paint a broad picture of Black or other minority customers as financially risky, these customers are more likely to experience poor quality of service or won’t receive important financial tools and products. Likewise, if a Black customer is unfairly denied higher lines of credit, this causes a domino effect that harms their financial health and causes further representation harm.

Addressing the problems with algorithmic biases is no easy task and can’t be solved overnight. But banks have a critical role in addressing how their algorithms impact the lives of their customers. Here are a few concrete steps that banks and other financial institutions (FIs) can take.

1. Raise AI Bias Awareness 

Being aware of the risks of AI’s potentially biased impact on customers is a critical first step to addressing AI bias. AI and machine learning algorithms are built by human beings, after all. And biases can infiltrate an algorithm at various stages of the algorithm’s lifecycle, from data collection and model development through post-deployment stages. No matter how well-intentioned an algorithm’s design may be, banks and their teams must constantly monitor how these algorithms impact their customers. Staying vigilant against potential problems and holding teams accountable for algorithms that disproportionately impact certain groups of customers more than others is one of the most important actions a bank can take to promote AI fairness.

2. Demand Responsible AI from Your External Partners

In addition to demanding accountability from internal teams, demand it from external vendors, partners, and third-party providers. Banks should consult with their engineering teams to understand the KPIs that are used to measure responsible AI performance. Fairness should become a key KPI in addition to performance. Armed with this knowledge, banks should ask their partners to show how they promote and address responsible AI – or even if they consider it a priority. 

3. Treat AI Bias in Your Bank’s Systems as Another Risk

Banks are in the risk management business. They assess the risks of customer backgrounds, loans, transactions, and more on a daily basis. In addition to including information systems in enterprise risk management, it’s time for banks to explicitly include bias in their AI applications  – as another element that requires a regular risk assessment. Perform regular audits of how the system arrived at its decisions and carefully examine the real-world impact on real people’s lives. If an algorithm works correctly but results in higher transaction declines for Black customers and minorities, immediately look for ways to reduce these harmful effects. Banks that can demonstrate they have improved their models to produce decisions that are 80% more fair than before can say they are making a positive difference in the lives of their minority customers. It is also a win-win situation where banks can make a social impact and use their inclusivity as a market differentiator.

Unfortunately, even in this day and age, AI fairness is still catching on. But banks that are willing and committed to fairness will be in a unique position to improve the lives of their customers and stand apart from their competitors. Black History Month comes but once a year. But pursuing fairness in AI and banking should be a year-round endeavor for all of us.

Can your bank protect the entire customer journey? Watch our on-demand webinar Reinventing Digital Trust Across the Customer Journey to learn how to improve your fraud strategy for 2022.